-
Disclose Instagram Personal Private Archived posts when switching to Professional account through creative hub
Introduction Instagram features an “Archive” option, allowing users to conveniently archive their posts. According to Instagram, the content stored in the archive is intended for the user’s private viewing, ensuring that only the account holder has access to this archived material. This functionality provides users with a practical and secure way to manage and revisit…
-
Disclose latest stream video asset earnings for any gaming streamer page
Introduction Within the Facebook gaming dashboard, streamers have access to a valuable feature known as the “Viewing Stream Report.” This option provides essential information about their stream, including details such as the title, description, and tagged game. Streamers can leverage this tool to gain insights into the performance and key attributes of their streams. For…
-
Send messages through notification to facebook & workplace users without getting blocked
Introduction In Facebook workplace, there is an option called “Safety Check” where admins of workplace can add their users as “Safety operator” which lets you report your status during a crisis, for more details about “Safety Check” see this link https://web.facebook.com/workplace/features/safety-check?_rdc=1&_rdr The finding The functionality responsible for processing the “add users” request is susceptible to…
-
How I was able to delete any image in Facebook community question forum
Introduction Facebook Community Question Forum is a dedicated space where users could seek assistance and connect with others by asking questions across various categories. Whether you were looking for advice, troubleshooting, or general information, this platform allowed you to engage with a supportive community. Users and facebook support team, contributed answers to help address queries…
-
Unauthorized Disclosure of Video Thumbnails in Facebook Workplace
Introduction Facebook introduces ‘CANVAS,’ an innovative feature offering businesses the opportunity to create immersive and expressive experiences. Designed to facilitate storytelling and product showcasing, CANVAS provides a dynamic platform for businesses to engage their audience. For more in-depth information, visit https://www.facebook.com/business/news/introducing-canvas. The finding When creating a ‘CANVAS’ on Facebook, various options or components are available,…
-
How I found RXSS in Facebook, Twitter and Google training academy
Introduction On December 23, 2019, I received an email from Facebook Workplace introducing the ‘New Workplace Academy,’ which directed me to the domain ‘https://training.wplearn.com.’ While investigating this domain, I discovered it utilized a third-party service called ‘Intellum.’ During my testing, I identified a reflected XSS vulnerability in the login functionality of the site. Further research…
-
Adding Descriptions to Instagram Posts on Behalf of Other Users
Introduction Instagram, launched in October 2010, is a widely used social media platform recognized for its emphasis on sharing photos and videos. Users create profiles to engage with a global audience, sharing visually compelling moments. Over time, Instagram has evolved with features such as Stories, IGTV, and Reels, transforming into a dynamic hub for creative…
-
Disclose private attachments in Facebook Messenger Infrastructure
Introduction Messenger is a standalone instant messaging app by META. With features like text messaging, voice/video calls, and file sharing, it boasts over a billion users globally. Accessible on multiple devices, it has become a widely-used communication tool. The finding During testing of the Facebook Messenger platform, a critical security vulnerability, identified as an Insecure…